Director, Data Classification and Protection

Job Description

Position Summary

The Estée Lauder Companies (ELC) Inc. is a Fortune 500, multinational manufacturer and marketer of prestige skincare, makeup, fragrance and hair care products, headquartered in New York City. As the global leader in prestige beauty, we touch over half a billion consumers a year. The company owns a diverse portfolio of brands, distributed internationally through both digital commerce and retail channels.

This position is within the company’s Enterprise Cybersecurity and Risk organization. The role directs the Data Classification and Protection Program, which includes projects and initiatives related to the identification, classification, labeling, and protection of sensitive corporate information. Job responsibilities include, but are not limited to, the following:

Key Roles & Responsibilities

  • Coordinate and conduct searches for sensitive and regulated data on company networks; identify key information owners; provide guidance on classifying, labeling, and the use / handling of data; and assist with the design and implementation of data classification and rights management solutions.
  • Lead risk assessment activities across the enterprise to determine the sensitivity of new and existing data and determine how to identify, classify, protect, and monitor both structured and unstructured data to prevent unauthorized access, loss, or compromise.
  • Assess, recommend, and help implement process improvement programs for data management, classification, and security.
  • Collaborate with various stakeholders and businesses to identify, define, implement, and maintain sensitive and business critical data in accordance with legal, regulatory, contractual, and industry standards.
  • Oversee the development of training, education, and communication materials for data classification and data protection tools and processes.
  • Facilitate training and education sessions.
  • Plan, develop, and implement programs to educate users on corporate policies related to information classification, labeling, use, and handling.
  • Develop and publish data classification metrics, reports, and updates.
  • Coordinate with various stakeholders and data owners to conduct and refresh inventories of sensitive and regulated data residing on the company’s network.
  • Oversee budgets and manage cost implications of data classification and data protection activities, projects, and initiatives.
  • Manage highly confidential and sensitive information and conform to best handling practices.


  • Experience managing data classification and data lifecycle processes.
  • Detailed understanding of data classification concepts and products.
  • Extensive experience working with the concepts of data integrity, data privacy, and data security.
  • Thorough understanding of database management systems, data storage and transfers, network components, and tiered architectures.
  • Demonstrated understanding of best practices for successful data management and protection.
  • Experience overseeing risk management techniques and practices. In-depth knowledge of the use and application of commonly used IT security controls, such as encryption, authentication techniques, logging, and contingency planning.
  • Experience documenting standard operating procedures and working with senior management to gain acceptance.
  • Experience presenting training and educational materials.
  • Hands-on experience responding to internal audit findings by researching solutions and recommending process improvements.
  • Demonstrated communication skills with the ability to build relationships with business stakeholders to get results.
  • Experience implementing and managing Data Loss Prevention (DLP) solutions.
  • Detailed knowledge of the elements that constitute personally identifiable information (PII), personal health information (PHI), sensitive financial information, payment card industry (PCI) data, General Data Protection Regulation (GDPR) data.
  • Knowledge of China’s Data Security Law, Personal Information Protection Law, and other data security and privacy laws within Asia.
  • Experience handling, securing, and communicating highly confidential and sensitive information.
  • Project management experience is desired.
  • Minimum Education Level: Undergraduate degree in technology or equivalent professional experience
  • Minimum Years of Experience: 10
  • Licenses or Certifications: CISSP, CISM, CIPP certifications or equivalent desirable

Job: Information Technology
Primary Location: Americas-US-NY-Long Island City
Job Type: Standard
Schedule: Full-time
Shift: 1st (Day) Shift
Job Number: 226563

We are an equal opportunity employer. Minorities, women, veterans, and individuals with disabilities are encouraged to apply. It is Company‘s policy not to discriminate against any employee or applicant for employment on the basis of race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, or any other characteristic protected by applicable federal, state, or local laws and ordinances. The Company will endeavor to provide a reasonable accommodation consistent with the law to otherwise qualified employees and prospective employees with a disability and to employees and prospective employees with needs related to their religious observance or practices. Should you wish to apply for this position or any other position with the Company and you believe you require assistance to complete an application or participate in an interview, please contact

More Information

Apply for this job

Leave your thoughts